The present invention relates to the field of portable tokens, such as smart cards. More particularly, the present invention relates to a management system and method for memory in a smart card.
Smart cards are increasingly used in financial and commercial transactions in the place of credit/debit cards and stored value cards. Rather than employing information encoded on a magnetic strip, smart cards include a microprocessor with a memory element embedded within some physical form. With a microprocessor, smart cards interact with terminals across a broader range of transactions and are able to communicate a broader and more detailed range of information regarding the cardholder, a cardholder account, transaction authorization, or other information.
FIG. 1 shows an exemplary smart card 10. Roughly the size of a credit card, smart card 10 includes a microprocessor 12 with an integral memory element and conductive contacts 13. Microprocessor 12 is typically a single wafer integrated circuit (IC) mounted on, or embedded within, the otherwise plastic smart card. Conductive contacts 13 interface with a terminal to electrically transfer data between the terminal and the smart card. Other smart card embodiments do not include conductive contacts 13. Such "contactless" smart cards receive information via proximate coupling, such as magnetic coupling, or via remote coupling, such as radio communication.
The microprocessor 12 and conductive contacts 13 of FIG. 1 are shown in some additional detail in FIG. 2. Conductive contacts variously include power contacts, at least one input/output (I/O) port, a reset port, and a clock (clk) signal port. Microprocessor 12 comprises a central processing unit (CPU) 21, which is, generically, control logic including I/O circuitry 23. Terminal signals variously interface with CPU 21 through the conductive contacts 13 and I/O circuitry 23. Microprocessor 12 further comprises a memory element 20, typically including Random Access Memory (RAM) 22, Read Only Memory (ROM) 24, and Electrically Erasable Programmable Read Only Memory (EEPROM) 26.
Operating power, a user input keypad, and a display for the smart card microprocessor are provided by the terminal; i.e., an ATM, merchant point-of-sale device, or security control device, etc. The terminal includes a mechanism detecting the presence of a properly positioned smart card. Upon detecting the smart card, the terminal provides power to the microprocessor, and typically sends a reset (RST) signal to the smart card. The smart card uses the RST signal to reset itself or to initiate an internal reset function. After reset, the smart card returns an answer-to-reset (ATR) signal to the terminal. The ATR signal communicates basic information concerning the smart card to the terminal. Once such basic information is successfully recognized by the terminal, communication, i.e., data transfer, between the smart card and the terminal can be established.
In addition to operating as ATM cards, credit/debit cards and stored value cards, smart cards can be designed to operate as personal identity cards, critical record storage devices, security IDs, etc. In these varied capacities, a smart card may be designed to perform any number or combination of data processing functions, including access, storage, transfer, exchange, authorization, etc.
As smart cards are pressed into service to support an increasingly broad range of applications, the demands placed on the smart cards' memory system increase dramatically. Conventional smart cards have not required true memory management since memory system performance expectations have been very modest. However, if smart cards are to realize their full potential of running a number of independently developed and controlled applications on a single card, an effective, secure memory management system must be implemented.
In early examples of conventional smart cards, an application was stored in ROM and run as an embedded application directly on the microprocessor. Later examples of conventional smart cards incorporated an interpreter in ROM and/or allowed applications to be written into EPROM. In any of these configurations, the conventional smart card memory was accessed and manipulated by any and all applications and/or interpreters running on the smart card. The security problems associated with multiple programs accessing the same memory space are one factor historically militating against the use of multiple applications on a single smart card, particularly multiple applications from different vendors.
Thus, conventional smart cards have rarely been required to truly "manage" their memory space. Some static or even movable boundaries between segments of memory have been used, but such boundaries affect only the most primitive aspects of memory allocation.
European patent document 0 292 248 discloses one conventional smart card memory management technique. Here, a so-called "operating system" is stored in ROM, and a movable boundary separates a write only portion of EPROM storing applications from a read/write portion of EPROM storing other data types.
Such macro-partitioning of EPROM between data types, or between individual applications, is common in conventional smart cards. Often, the partitioning creates a fixed memory queue in which one application is written behind the next until the queue is full. Once the queue is full, no additional programs may be loaded onto the smart card.
The present invention provides a single memory manager, preferably part of a true operating system (OS), through which smart card memory is allocated and deallocated. Since all requests for smart card memory definition (allocation and deallocation) are controlled by the memory manager, memory integrity and security are assured.
Since memory allocation may be made dynamically on an as-needed basis, the smart card memory may be efficiently used, and need not be pre-allocated or defined by arbitrary boundaries.
In allocating and deallocating memory space, the memory manager references a memory management record, typically a bitmap or similar record. During smart card operation, the memory management record is preferably stored in RAM. Accordingly, the memory management record must be recreated in RAM upon smart card initialization. This may be done by copying back a copy of the memory management record previously stored in non-volatile memory by a previous transaction ending in a controlled shut-down, or by polling a file directory stored in non-volatile memory following a transaction ending in an uncontrolled shut-down.
The memory management record may include a broad array of information relating memory to various data objects stored in memory. Primarily, however, it indicates memory availability.
The present invention makes full use of a predictable data record format and an efficient file directory structure. While subject to variation and programmer definition, the data record format provides a basis by which the memory management record may be recreated upon smart card initialization by interrogation of the various data objects stored in read/write memory. The file directory is flexible and able to accurately identify all data objects persistent in read/write memory, while occupying a minimum of memory space itself.
A file manager, also preferably part of the OS, is used to access data records in the file directory. Together with the memory manager, the file manager allows read/write memory to be efficiently allocated and deallocated. Read/write memory space may, in fact, be recycled once a former data object is no longer needed.
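The following is an added example, not code from the patent: it models the bitmap memory management record kept in RAM, the file directory kept in non-volatile memory, allocation and recycling of read/write pages, and the two recreation paths described above (copying back a record saved on a controlled shut-down, or polling the file directory after an uncontrolled one). The page count, directory capacity, entry layout and first-fit allocation policy are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>
#define RW_PAGES 64   /* assumed: 64 allocatable pages of read/write memory */
#define MAX_OBJECTS 8 /* assumed: file directory capacity */
typedef struct { uint8_t in_use, first_page, n_pages; } dir_entry_t; /* assumed directory entry */
typedef struct {
    uint8_t bitmap[RW_PAGES / 8];       /* memory management record, kept in RAM */
    uint8_t saved_bitmap[RW_PAGES / 8]; /* copy persisted on a controlled shut-down */
    dir_entry_t dir[MAX_OBJECTS];       /* file directory, in non-volatile memory */
} card_mem_t;
static int bit_get(const uint8_t *b, int i) { return (b[i / 8] >> (i % 8)) & 1; }
static void bit_put(uint8_t *b, int i, int v) {
    if (v) b[i / 8] |= (uint8_t)(1u << (i % 8)); else b[i / 8] &= (uint8_t)~(1u << (i % 8));
}
/* Memory manager: first free directory slot, first fit of n contiguous free pages. */
int mm_alloc(card_mem_t *m, int n) {
    int slot = 0;
    while (slot < MAX_OBJECTS && m->dir[slot].in_use) slot++;
    if (slot == MAX_OBJECTS || n <= 0 || n > RW_PAGES) return -1;
    for (int s = 0, run = 0; s < RW_PAGES; s++) {
        run = bit_get(m->bitmap, s) ? 0 : run + 1;    /* length of the current free run */
        if (run < n) continue;
        for (int k = s - n + 1; k <= s; k++) bit_put(m->bitmap, k, 1);
        m->dir[slot] = (dir_entry_t){1, (uint8_t)(s - n + 1), (uint8_t)n};
        return slot;                                  /* handle = directory index */
    }
    return -1;                                        /* no contiguous space left */
}
/* Deallocation lets pages be recycled, unlike a fixed queue that only fills up. */
void mm_free(card_mem_t *m, int h) {
    if (h < 0 || h >= MAX_OBJECTS || !m->dir[h].in_use) return;
    for (int k = 0; k < m->dir[h].n_pages; k++) bit_put(m->bitmap, m->dir[h].first_page + k, 0);
    m->dir[h].in_use = 0;
}
/* Controlled shut-down persists the record; after an uncontrolled one RAM is gone, so the
 * record is rebuilt by polling the file directory. Both paths must yield the same bitmap. */
void mm_controlled_shutdown(card_mem_t *m) { memcpy(m->saved_bitmap, m->bitmap, sizeof m->bitmap); }
void mm_rebuild_from_directory(card_mem_t *m) {
    memset(m->bitmap, 0, sizeof m->bitmap);
    for (int i = 0; i < MAX_OBJECTS; i++)
        for (int k = 0; m->dir[i].in_use && k < m->dir[i].n_pages; k++)
            bit_put(m->bitmap, m->dir[i].first_page + k, 1);
}
/* Scenario: allocate, free, recycle, then check the two recovery paths agree; -1 on failure. */
int mm_demo(void) {
    card_mem_t m = {0}; int a = mm_alloc(&m, 3), b = mm_alloc(&m, 5); mm_free(&m, a);
    int c = mm_alloc(&m, 2);                          /* reuses the pages a released */
    if (a != 0 || b != 1 || c != 0 || m.dir[c].first_page != 0) return -1;
    mm_controlled_shutdown(&m); mm_rebuild_from_directory(&m);
    if (memcmp(m.bitmap, m.saved_bitmap, sizeof m.bitmap) != 0) return -1;
    int n = 0; for (int i = 0; i < RW_PAGES; i++) n += bit_get(m.bitmap, i);
    return n;                                         /* pages in use: 2 + 5 = 7 */
}
```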
Thus, the present invention in its multiple aspects provides a system and method by which memory in a smart card is securely and effectively used, as between multiple applications running on the smart card.